ansaurus

Question

PHP detect if page is reloaded with PHP_SELF

Answer 1

A:

You can just use what you're using pretty much:

if (isset($_POST['submit'])) {
    echo "data submitted";
}

Why not do that?

dscher 2010-05-19 22:05:34

Because he's doing a redirect there and needs to show the "Data updated" after that redirect.

mercator 2010-05-19 22:14:52

Oh, mis-understood. Thanks mercator, it's nice when people help more than just the people asking the question, SO is a great community.

dscher 2010-05-19 23:51:34

Answer 2

A:

A generally accepted way to prevent the "resend data" message is to use the Post-Redirect-Get pattern.

Ideally you shouldn't be using the same page to display results and also process the form. I would suggest moving "Data updated" to a separate page that you redirect to after the form validation has passed.

This way, the Back button on the browser behaves intuitively for the user without those annoying messages.

Also, technically the $_SERVER "referer" value can be spoofed so you shouldn't always rely on it.

Lotus Notes 2010-05-19 22:09:47

Answer 3

+2 A:

If you want to be absolutely sure that a form was submitted, you can store a variable in a session:

session_start();      // at top of page
...
if (isset($_POST['Submit'])) {
    $_SESSION['form_submitted'] = true;
    ...
    // prevent resending data
    header("Location: " . $_SERVER['PHP_SELF']);
}
elseif ($_SESSION['form_submitted'])
{
    ...
}

Less reliable but also possible is the use of $_SERVER['HTTP_REFERER'] to detect what page the visitor came from.

jeroen 2010-05-19 22:09:56

I'd say checking the referrer is good enough if it's just to show an informational message.

mercator 2010-05-19 22:19:10

Thanks Jeroen. Something like: if (basename($_SERVER['HTTP_REFERER']) == basename($_SERVER['PHP_SELF'])) echo "data updated"; Will do the trick for now than? I am not to much concerned about security as this page is behind a login sysytem.

FFish 2010-05-19 22:22:24

@FFish: Something like that should do it. Note however that if people can click on a link to the same page, they will also get that message (like clicking on Contact on the Contact page).

jeroen 2010-05-19 22:32:16

As jeroen says, you just need to set $_SESSION['form_submitted'] = false; inside the elseif block, to prevent it remaining set for the whole session.

amir75 2010-05-19 22:48:38

Answer 4

A:

You could do something like this ...

a. redirect to self, but with an extra piece of information - "?updated=true" (or *&*updated=true if PHP_SELF already contains a query string)

if (isset($_POST['Submit'])) {
    // prevent resending data
    header("Location: " . $_SERVER['PHP_SELF'] . '?updated=true');
}

b. Based on this extra information, display the text.

if (isset($_GET['updated'])) {
    echo "data updated";
}

... and yes, your redirect is a valid way to prevent resubmision

amir75 2010-05-19 22:12:53

thanks but I have already a var in there like: admin/photos-edit.php?ref=002140 and would like to keep it that way.

FFish 2010-05-19 22:26:24

amir75 2010-05-19 22:44:33

yeah I know, it's a good solution but I want to keep the url clean like that. thnx anyway

FFish 2010-05-19 23:07:24

ansaurus

tags:

views:

answers:

PHP detect if page is reloaded with PHP_SELF

related questions